Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Authentication Summary

by Cody Dumont
October 31, 2022

Authentication Summary Screenshot

Understanding Cyber Exposure requires that the data collected by Tenable.io is trusted and verifiable. Tenable.io provides several plugins that assist in determining scan status and provides a level of trust for risk managers. This dashboard brings together all the plugins used to verify successful authentication of assets during vulnerability scans, providing security administrators visibility into areas of concern so that the appropriate actions can be taken.

Authentication is a process of connecting to a system by providing credentials to gain access. Tenable.io scans systems by using different network protocols (SSH, SMB, HTTPS, SNMP, etc.) to gain access to the target asset. For example, logging into a remote host via SSH using a username and password is a method of authentication. Each asset can allow authentication using several protocols. Assets with more than one available authentication protocol, for example a Windows server running a SQL server, could report both authentication success and failure.  Understanding this fact during analysis is key to determining if the system was successfully scanned or not. While in many cases the successful authentication of an asset may seem binary, there are many examples of successfully scanned systems with authentication failures.  Tenable recommends that system administrators review all of the failures and investigate the services which are enabled on the asset for a complete analysis.

Local checks are a feature in Tenable.io scans, which enable the scanner to perform security checks on the target asset. Some general checks function without full administrator credentials, but when all possible general checks are completed, Tenable.io verifies privilege escalation to perform more accurate local checks.  The local checks always require authentication and often require elevated privileges. Local checks for major operating systems with security advisories numbering in the thousands are often grouped into their own plugin family, but local check plugins also exist in other families such as Firewalls or Misc.

Local checks require authentication and occur after successful authentication has been established. The following criteria must be satisfied to utilize local checks:

  • The target device or operating system must be identifiable by Tenable.io
  • Local check plugins must be available for the identified device or operating system
  • The information needed to enable local checks for the particular device or operating system must be obtainable from the target asset
  • Except in particular circumstances, such as scanning localhost, remote authentication must first be successful before local checks are enabled

Local checks are required to ensure that scans are complete and accurate. Users enable local checks by providing credentials with elevated privileges, or administrative access, or by deploying Nessus Agents. Tenable.io requires privileged access to provide a comprehensive assessment of risk on an asset. The more access to a system Tenable.io has, the more complete the vulnerability detection.

This dashboard provides a clear and simplified method to track and troubleshoot authentication related problems. The dashboard groups authentication plugins into diagnostic context to show administrators areas of concern to focus on.

Security leaders need to SEE everything, PREDICT what matters most and ACT to address cyber risk and effectively align cybersecurity initiatives with business objectives. Tenable.io discovers and analyzes assets continuously to provide an accurate and unified view of an organization’s security posture. The requirements for this dashboard are: Tenable.io Vulnerability Management (Nessus, NNM).

Widgets

Scan Authentication Summary –  This widget provides a summary of scan health in relation to authentication success and failures. System and network devices must be routinely scanned to ensure they are operating in compliance with organizational and regulatory requirements for vulnerability and configuration management. Evidence of scanning activities is often required by regulatory frameworks and Service Level Agreements (SLAs). Credentialed scanning, which requires authentication to the device, provides the most accurate scanning results. The widget is divided into 3 sections: The Last Scanned within 30 days section displays counts of successful or failed authentications. The Assets with identified Operating Systems section displays counts of successful and failed operating system identification. The Last Scanned older than 30 days section displays counts credential errors. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).

Windows Access Checks – This widget provides an indication of the scan health of Windows systems. The plugins used in the matrix report on the tests Nessus requires to perform the detailed checks on systems. These plugins check for permission and access to various aspects of Windows and set required entries that enable Nessus to perform local checks. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM). 

SMB Authentication Detection – This widget provides a summary view of all the informational SMB plugins, which are used to determine the success of Windows asset scans. SMB is the primary protocol used when scanning a Windows device. There are several plugins that use SMB to report on software installation, BIOS enumeration, and many more core attributes. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).

Summarize Local Checks Status – This widget provides summaries of local checks status. Local check plugins provide a list of the issues Nessus detects when running a scan. The errors are logged along with the reporting plugin and protocol, if available. The plugins also provide summaries of particular types of authentication local check problems that have been reported by other plugins and report the plugins that encountered these issues. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).

Authentication Searches – This widget provides a series of useful queries to help troubleshoot authentication problems. Tenable.io uses multiple protocols, such as SMB, SSH, HTTPS, and SNMP, to conduct authenticated scans against assets. Each of the plugins could be triggered on each protocol used during the scan, so an asset can have an authentication success and authentication failure. Use these queries as a first step in troubleshooting scan success and the overall health of vulnerability collection activities. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).

Scan Health – This widget provides a summary of scan health in relation to authentication success and failures. System and network devices must be routinely scanned to ensure they are operating in compliance with organizational and regulatory requirements for vulnerability and configuration management. Evidence of scanning activities is often required by regulatory frameworks and Service Level Agreements (SLAs). Credentialed scanning, which requires authentication to the device, provides the most accurate scanning results. The five columns display asset counts related to: Authentication Success - Scans authenticate successfully with full administrator/root privileges. Scan results will be the most comprehensive. Success but Insufficient Access - Scans authenticate successfully, but do not have privileged access. Scan results will be limited to what a local non-privileged user could see. Success but Intermittent Failure - Scan credentials intermittently fail, which could be caused by session rate limits, session concurrency limits, or other issues preventing consistent authentication success. Authentication Failure (Credentials) - The credentials provided were incorrect. No Credentials Provided - No credentials were provided. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).

Local Authentication Information – This widget brings focus to the plugins used to authenticate to a remote host, gathers the information necessary for local checks, and enables local checks. Information enumerated includes Windows SMB Login Possible, SSH OS Software Enumeration, SNMP Authentication, VMware vSphere Installed, PAN-OS Version Detection, and Citrix NetScaler Detection. The output and audit trails provide details of any problems that may have occurred during the scan. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM).

SSH Authentication Detection –  This widget provides a summary view of all the Secure Shell (SSH) plugins, which are used to determine the success of Linux or network device Asset Scanning. Results are sorted by count for each respective SSH plugin. The requirements for this widget are: Tenable.io Vulnerability Management (Nessus, NNM). 

Category

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training